%define		path_to_vi /bin/vi
%define		path_to_sendmail /usr/sbin/sendmail

Name:		tripwire
Version:	2.4.1.2
Release:	4%{?dist}
Summary:	IDS (Intrusion Detection System)

License:	GPL
Group:		Applications/System
Source0:	http://download.sourceforge.net/tripwire/%{name}-%{version}-src.tar.bz2
Source1:	tripwire.cron.in
Source2:	config.guess
Source3:	tripwire.gif
Source4:	twcfg.txt.in
Source5:	tripwire-setup-keyfiles.in
Source6:	twpol.txt.in
Source7:	README.Fedora.in
Source9:	License-Issues
URL:		http://www.tripwire.org/
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires:	openssl-devel
Requires(post):	sed

Patch1:		tripwire-siggen-man8.patch

%description
Tripwire is a very valuable security tool for Linux systems, if  it  is
installed to a clean system. Tripwire should be installed  right  after
the OS installation, and before you have connected  your  system  to  a
network (i.e., before any possibility exists that someone  could  alter
files on your system).

When Tripwire is initially set up, it creates a database  that  records
certain file information. Then when it is run, it compares a designated
set of files and directories to the information stored in the database.
Added or deleted files are flagged and reported, as are any files  that
have changed from their previously recorded state in the database. When
Tripwire is run against system files  on  a  regular  basis,  any  file
changes will be spotted when Tripwire is run. Tripwire will report  the
changes, which will give system administrators a clue that they need to
enact damage control measures immediately if certain  files  have  been
altered.

%prep
%setup -q -n %{name}-%{version}-src
%{__cp} -p %{SOURCE2} .
%{__cp} -p %{SOURCE3} .

%patch1 -p1 -b .siggen.manpage

%build
%{__chmod} 755 configure
# RPM_OPT_FLAGS break the code (deadlock).
export CXXFLAGS="-O -Wall -pipe -g"
./configure -q \
	path_to_vi=%{path_to_vi} \
	path_to_sendmail=%{path_to_sendmail} \
	--prefix=/ \
	--sysconfdir=%{_sysconfdir}/tripwire \
	--sbindir=%{_sbindir} \
	--libdir=%{_var}/lib \
	--mandir=%{_mandir}

%{__make} %{?_smp_mflags}

%install
%{__rm} -fr ${RPM_BUILD_ROOT}

# Install the binaries.
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_sbindir}
%{__install} -p -m755 bin/siggen ${RPM_BUILD_ROOT}%{_sbindir}
%{__install} -p -m755 bin/tripwire ${RPM_BUILD_ROOT}%{_sbindir}
%{__install} -p -m755 bin/twadmin ${RPM_BUILD_ROOT}%{_sbindir}
%{__install} -p -m755 bin/twprint ${RPM_BUILD_ROOT}%{_sbindir}

# Install the man pages.
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_mandir}/{man4,man5,man8}
%{__install} -p -m644 man/man4/*.4 ${RPM_BUILD_ROOT}%{_mandir}/man4/
%{__install} -p -m644 man/man5/*.5 ${RPM_BUILD_ROOT}%{_mandir}/man5/
%{__install} -p -m644 man/man8/*.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/

# Create configuration files from templates.
%{__rm} -fr _tmpcfg
%{__mkdir} _tmpcfg
for infile in %{SOURCE1} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE7} ; do
	outfile=${infile##/*/}
	outfile=${outfile%.*n}
	cat ${infile} |\
	%{__sed} -e 's|@path_to_vi@|%{path_to_vi}|g' |\
	%{__sed} -e 's|@path_to_sendmail@|%{path_to_sendmail}|g' |\
	%{__sed} -e 's|@sysconfdir@|%{_sysconfdir}|g' |\
	%{__sed} -e 's|@sbindir@|%{_sbindir}|g' |\
	%{__sed} -e 's|@vardir@|%{_var}|g' >\
	_tmpcfg/${outfile}
done
%{__mv} _tmpcfg/{tripwire-setup-keyfiles,README.Fedora} .

# Create the reports directory.
%{__install} -d -m700 ${RPM_BUILD_ROOT}%{_var}/lib/tripwire/report

# Install the cron job.
%{__install} -d -m755 ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily
%{__install} -p -m755 _tmpcfg/tripwire.cron \
	${RPM_BUILD_ROOT}%{_sysconfdir}/cron.daily/tripwire-check
%{__rm} _tmpcfg/tripwire.cron

# Install configuration files.
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_sysconfdir}/tripwire
for file in _tmpcfg/* ; do
	%{__install} -p -m644 ${file} ${RPM_BUILD_ROOT}%{_sysconfdir}/tripwire
done

# Install the keyfile setup script
%{__install} -p -m755 tripwire-setup-keyfiles ${RPM_BUILD_ROOT}%{_sbindir}

# Fix permissions on documentation files.
%{__cp} -p %{SOURCE9} .
%{__chmod} 644 \
	ChangeLog COMMERCIAL COPYING TRADEMARK tripwire.gif \
	README.Fedora policy/policyguide.txt License-Issues


%clean
%{__rm} -rf ${RPM_BUILD_ROOT}


%post
# Set the real hostname in twpol.txt
%{__sed} -i -e "s|localhost|$HOSTNAME|g" %{_sysconfdir}/tripwire/twpol.txt


%files
%defattr(0644,root,root,0755)
%doc ChangeLog COMMERCIAL COPYING TRADEMARK tripwire.gif
%doc README.Fedora policy/policyguide.txt License-Issues
%attr(0700,root,root) %dir %{_sysconfdir}/tripwire
%config(noreplace) %{_sysconfdir}/tripwire/twcfg.txt
%config(noreplace) %{_sysconfdir}/tripwire/twpol.txt
%attr(0755,root,root) %{_sysconfdir}/cron.daily/tripwire-check
%attr(0700,root,root) %dir %{_var}/lib/tripwire
%attr(0700,root,root) %dir %{_var}/lib/tripwire/report
%{_mandir}/*/*
%attr(0755,root,root) %{_sbindir}/*


%changelog
* Fri Dec 07 2007 Release Engineering <rel-eng at fedoraproject dot org> - 2.4.1.2-4
- Rebuild for deps

* Wed Aug 29 2007 Brandon Holbrook <fedora at theholbrooks.org> 2.4.1.2-3
- Pull in a new config.guess to properly detect ppc64 archs

* Wed Aug 29 2007 Brandon Holbrook <fedora at theholbrooks.org> 2.4.1.2-2
- Upgrade to 2.4.1.2

* Wed Feb 28 2007 Brandon Holbrook <fedora at theholbrooks.org> 2.4.1.1-1
- Upgrade to upstream 2.4.1.1 (obsoletes gcc4 patch)
- Merge quickstart.txt into README.Fedora and fix doc bug (#161764)

* Thu Dec 21 2006 Brandon Holbrook <fedora at theholbrooks.org> 2.4.0.1-4
- Don't print anything at install time

* Tue Dec 19 2006 Brandon Holbrook <fedora at theholbrooks.org> 2.4.0.1-3
- Changed defattr to 644,755
- removed BR: autoconf
- Inform users about README.Fedora instead of spamming the install
  with catting the whole file

* Wed Nov 15 2006 Brandon Holbrook <fedora at theholbrooks.org> 2.4.0.1-2
- chmod'ed /etc/tripwire to 0700
- Added sed to Requires(post)

* Tue Aug 22 2006 Brandon Holbrook <fedora at theholbrooks.org> 2.4.0.1-1.4
- Include COMMERCIAL file from upstream
- Print README.RPM on initial install
- Added _smp_mflags to make
- Removed ExclusiveArch: ix86
- Replaced 2.3 with 2.4 in tripwire.txt

* Tue Aug 22 2006 Brandon Holbrook <fedora at theholbrooks.org> 2.4.0.1-1.2
- Updated to 2.4.0.1

* Fri Apr  7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
- rebuilt

* Tue Jun 15 2004 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-20.fdr.1
- Revision bump to supersede Fedora Legacy
- Fixed a bogus entry in twpol.txt.in (modeprobe.conf -> modprobe.conf)

* Thu Jun 10 2004 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.9
- Applied Paul Herman's patch to fix a format string vulnerability in
 pipedmailmessage.cpp

* Sun Feb 29 2004 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.8
- Default policy overhaul
- Spec cleanup

* Sun Feb 22 2004 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.7
- Moved documentation data out of package description

* Sat Feb 21 2004 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.6
- Removed explicit Buildrequires gcc-c++

* Fri Feb 20 2004 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.5
- Finally moved twinstall.sh from the sysconfdir to the sbindir, since
  it is not a configuration file. Fixes Red Hat bug #61855
- Renamed twinstall.sh to tripwire-setup-keyfiles, since  the  name  is
  misleading. It is setting up keyfiles, not installing an  application
- Minor correction to twinstall.sh (now tripwire-setup-keyfiles), which
  made an incorrect reference to the site key rather than the local key
- Long overdue default policy update
- Added explicit Buildrequires gcc-c++, to satisfy mach

* Thu Feb 19 2004 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.4
- Fixed siggen.8 man page, broken command synopsis syntax. Submitted by
  doclifter
- Set real hostname in post, so  Tripwire  works  first  time,  without
  editing twpol.txt
- More accurate package summary
- Spec cleanup

* Fri Nov 28 2003 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.3
- Thanks to Michael Schwendt for really cleaning up the Spec file
- The remaining parts of the  original  tripwire-2.3.1-gcc3.patch  have
  now been implemented
- Debuginfo fully builds now

* Thu Nov 27 2003 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.2
- Removed version specific grep dependency, since grep >= 2.3 is common
- Added openssl-devel and autoconf to build dependencies
- The tripwire-jbj.patch is now confirmed merged with tw-20030919.patch
- Added RPM optimisation flags option, disabled  by  default  since  it
  breaks the code
- Fixed file permissions of packaged files

* Wed Nov 26 2003 Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk> 0:2.3.1-18.fdr.1
- Implemented Paul Herman's tw-20030919.patch
- Removed the fhs gcc3 and jbj patches, which are now  broken/obsoleted
  by the above
- Both the mkstemp and rfc822 patches are still implemented
- Build uses autoconf for now
- Spec file given complete overhaul for stricter compliance. More to do

* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt

* Sat Nov 16 2002 Jeff Johnson <jbj@redhat.com> 2.3.1-16
- rebuild from cvs.
- comment out debug messages to achieve compilation.
- include policyguide.txt (#72259).
- use mkstemp, not mktemp.

* Fri Aug 02 2002 Mike A. Harris <mharris@redhat.com> 2.3.1-14
- Modified default sample twpol file to remove bogus warnings (#70502)

* Fri Jun 21 2002 Tim Powers <timp@redhat.com> 2.3.1-13
- automated rebuild

* Sun May 26 2002 Tim Powers <timp@redhat.com> 2.3.1-12
- automated rebuild

* Wed May 22 2002 Mike A. Harris <mharris@redhat.com> 2.3.1-11
- Rebuilt in new build environment with gcc 3.1

* Tue Feb 26 2002 Mike A. Harris <mharris@redhat.com> 2.3.1-9
- Conditionalized gcc3 patch
- Added back the ExclusiveArch that is required but disappeared somewhere along
  the line.
- Rebuild in new build environment

* Thu Jan 31 2002 Mike A. Harris <mharris@redhat.com> 2.3.1-7
- Bump release and rebuild in new environment.
- (Elliot Lee) Add patch to make it build with gcc3.

* Thu Aug  9 2001 Nalin Dahyabhai <nalin@redhat.com> 2.3.1-5
- define USE_FHS when USES_FHS is defined, so that the database winds up
  in the right directory (#51332)
- update default twpol file to include files recently-added to the full
  installation tree

* Tue Jul 17 2001 Mike A. Harris <mharris@redhat.com> 2.3.1-4
- Applied bugfix for (#47276) to make tripwire email RFC822 compliant, using
  patch in bugreport from Michael Schwendt <mschwendt@yahoo.com>

* Tue Jul 10 2001 Mike A. Harris <mharris@redhat.com> 2.3.1-3
- Made package own dir /var/lib/tripwire

* Mon Jun 25 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 2.3.1-2

* Thu Mar  1 2001 Bill Nottingham <notting@redhat.com>
- rebuild, fix defattr. Weird.

* Tue Feb 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- refresh from upstream
- modify the default policy to match the current tree more closely (#28744)
- make the text files 0644, not 0755
- defattr for the sake of the docs

* Wed Sep 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- change exclusivearch: i386 to exclusivearch: %%{ix86} (#17759)

* Wed Aug 23 2000 Than Ngo <than@redhat.com>
- remove copyleft information in specfile (Bug #16765)

* Tue Aug 22 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove duplicate source files
- sync up description with specspo

* Fri Aug 4 2000 Than Ngo <than@redhat.de>
- remove Vendor and Distribution from specfile (Bug #15246)

* Fri Aug 4 2000 Than Ngo <than@redhat.de>
- starts tripwire --check if it was configured before. (Bug #15384)

* Fri Aug 4 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix sense of checking for the database's existence in the cron job
- actually include twinstall.sh, twcfg.txt, twpol.txt

* Thu Aug 3 2000 Than Ngo <than@redhat.de>
- permission fix (bug #15246)

* Mon Jul 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- add quickstart docs (Ed)
- tweak description text (Ed)

* Thu Jul 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- update .spec file to follow RPM conventions
- add tripwire --check to cron.daily